Combofix log
Hi, I ran combofix but I had to rename it to combfix to get it to run. The program also had me restart a couple of times. Hope these are normal because the instructions say nothing about rebooting. Here are the logs.
ComboFix 09-08-02.04 - Goodman 08/03/2009 7:32.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.673 [GMT -4:00]
Running from: c:\documents and settings\Goodman\Desktop\CombFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090802-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Goodman\Application Data\inst.exe
c:\windows\Installer\51cf032.msi
c:\windows\Installer\51cf049.msi
c:\windows\system32\_scui.cpl
c:\windows\system32\DelSelf.bat
c:\windows\system32\drivers\ESQULdvjktltubykkjyenhwtvdjovvppflmsu.sys
c:\windows\system32\ESQULepbvcnrypwtaprnlsssaorghuulbrctd.dll
c:\windows\system32\ESQULexyskodppvriyrlesmawqniroihxemlk.dll
c:\windows\system32\ESQULzcounter
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_ESQULserv.sys
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.
2009-07-28 18:17 . 2009-07-28 18:18 -------- d-----w- c:\program files\ERUNT
2009-07-28 18:11 . 2009-07-28 18:11 -------- d-----w- c:\program files\Trend Micro
2009-07-28 17:58 . 2009-07-28 17:58 -------- d-----w- c:\program files\JavaFX
2009-07-28 17:57 . 2009-07-28 17:57 -------- d-----w- c:\program files\Sun
2009-07-28 17:41 . 2009-07-28 17:55 -------- d-----w- c:\documents and settings\Goodman\.SunDownloadManager
2009-07-28 17:18 . 2009-07-29 11:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-28 17:18 . 2009-07-29 11:06 -------- d-----w- c:\program files\NOS
2009-07-28 16:33 . 2009-07-28 16:33 -------- d-----w- c:\documents and settings\Goodman\Local Settings\Application Data\PC_Drivers_Headquarters
2009-07-28 16:32 . 2009-07-28 16:32 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Drivers HeadQuarters
2009-07-28 16:32 . 2009-07-28 16:32 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-07-28 13:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-28 13:40 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-28 13:40 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-28 13:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-28 13:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-28 13:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-28 13:40 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-28 13:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-28 13:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-28 13:40 . 2009-07-28 13:40 -------- d-----w- c:\program files\Alwil Software
2009-07-23 12:46 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-23 11:41 . 2009-07-23 13:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 14:13 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-07-22 14:13 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-07-21 14:47 . 2009-07-21 14:47 0 ----a-w- c:\windows\nsreg.dat
2009-07-21 14:47 . 2009-07-21 14:47 -------- d-----w- c:\documents and settings\Goodman\Local Settings\Application Data\Mozilla
2009-07-21 14:38 . 2009-07-21 14:38 -------- d-----w- c:\program files\Common Files\Scanner
2009-07-21 14:38 . 2009-07-21 14:40 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-07-21 14:00 . 2009-07-21 14:00 -------- d-sh--w- c:\documents and settings\Goodman\PrivacIE
2009-07-21 13:57 . 2009-07-21 13:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-07-21 13:57 . 2009-07-21 13:57 -------- d-sh--w- c:\documents and settings\Goodman\IETldCache
2009-07-21 13:55 . 2009-07-21 13:55 -------- dc-h--w- c:\windows\ie8
2009-07-21 13:46 . 2009-07-23 13:37 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-21 13:45 . 2009-07-21 13:45 -------- d-----w- c:\program files\Google
2009-07-21 13:31 . 2009-07-21 14:24 -------- d-----w- c:\program files\Panda Security
2009-07-21 13:03 . 2009-07-21 13:03 -------- d-----w- c:\program files\Yahoo!
2009-07-21 13:03 . 2009-07-21 13:03 -------- d-----w- c:\documents and settings\Goodman\Application Data\Yahoo!
2009-07-21 13:03 . 2009-07-21 13:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2009-07-21 13:03 . 2009-07-21 13:04 -------- d-----w- c:\program files\CCleaner
2009-07-21 12:47 . 2009-07-21 12:47 -------- d-----w- c:\documents and settings\Goodman\Application Data\AVG8
2009-07-21 12:35 . 2009-07-23 11:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\STOPzilla!
2009-07-21 12:30 . 2009-07-21 12:30 19943 ----a-w- c:\windows\iveda.scr
2009-07-21 12:30 . 2009-07-21 12:30 19801 ----a-w- c:\windows\omocavov.reg
2009-07-21 12:30 . 2009-07-21 12:30 16512 ----a-w- c:\documents and settings\Goodman\Local Settings\Application Data\epyhup.sys
2009-07-21 12:30 . 2009-07-21 12:30 15904 ----a-w- c:\windows\dosagec.bat
2009-07-21 12:30 . 2009-07-21 12:30 12617 ----a-w- c:\documents and settings\Goodman\Local Settings\Application Data\ususydigo.bin
2009-07-21 12:30 . 2009-07-21 12:30 12564 ----a-w- c:\program files\Common Files\erucit.bat
2009-07-21 12:30 . 2009-07-21 12:30 11191 ----a-w- c:\windows\ugyja.vbs
2009-07-21 12:30 . 2009-07-21 12:30 11097 ----a-w- c:\windows\ywedakowi.exe
2009-07-21 12:30 . 2009-07-24 18:17 -------- d-----w- c:\program files\HomeAntivirus2010
2009-07-21 11:57 . 2009-07-21 11:57 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-07-09 15:59 . 2009-07-10 10:54 -------- d-----w- c:\documents and settings\Goodman\Application Data\Vso
2009-07-09 15:59 . 2009-07-10 10:54 47360 ----a-w- c:\documents and settings\Goodman\Application Data\pcouffin.sys
2009-07-09 15:59 . 2009-07-09 15:59 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-07-09 15:56 . 2009-07-09 16:08 -------- d-----w- c:\documents and settings\Goodman\Application Data\GetRightToGo
2009-07-09 15:24 . 2009-07-09 15:24 -------- d-----w- C:\videodvdmaker
2009-07-09 15:24 . 2009-07-09 15:24 -------- d-----w- c:\documents and settings\Goodman\Application Data\Video DVD Maker FREE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 13:53 . 2008-12-22 17:50 103152 ----a-w- c:\documents and settings\Goodman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-28 17:56 . 2009-07-23 16:06 -------- d-----w- c:\program files\Java
2009-07-28 17:41 . 2008-12-22 17:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-23 16:06 . 2009-07-23 16:06 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 16:06 . 2009-07-23 16:06 152576 ----a-w- c:\documents and settings\Goodman\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-22 14:24 . 2009-02-17 15:51 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\FLEXnet
2009-07-21 14:23 . 2008-12-22 17:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 12:46 . 2009-05-26 18:26 -------- d-----w- c:\program files\ahead
2009-07-21 12:30 . 2009-07-21 12:30 15574 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\noxynulij.pif
2009-07-21 12:30 . 2009-07-21 12:30 13172 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\gadukukowu.pif
2009-07-21 12:30 . 2009-07-21 12:30 11290 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\kyjevuw.com
2009-07-21 12:30 . 2009-07-21 12:30 10999 ----a-w- c:\docume~1\ALLUSE~1\APPLIC~1\tocobe.dat
2009-07-02 15:53 . 2009-07-02 15:56 46840 ----a-w- c:\windows\Fonts\MMOETRIAL.ttf
2009-07-02 15:53 . 2009-07-02 15:56 33188 ----a-w- c:\windows\Fonts\MMOETRIAL.otf
2009-07-02 15:53 . 2009-07-02 15:56 25944 ----a-w- c:\windows\Fonts\culia1.ttf
2009-07-01 15:57 . 2009-07-01 15:57 780708 ----a-w- c:\windows\system32\Old Milwaukee Screen Saver 2.scr
2009-06-16 14:36 . 2004-08-12 13:30 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-12 13:19 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-08 14:45 . 2009-06-08 14:45 -------- d-----w- c:\program files\Old Milwaukee
2009-06-08 14:45 . 2009-06-08 14:45 2650558 ----a-w- c:\windows\system32\Old Milwaukee Screen Saver1.scr
2009-06-08 14:36 . 2009-06-08 14:36 2794942 ----a-w- C:\OMSS1_Install.zip
2009-06-08 12:00 . 2009-02-17 15:41 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-08 11:38 . 2009-06-08 11:40 29884 ----a-w- c:\windows\Fonts\CW_TOONS.TTF
2009-06-04 16:02 . 2009-06-04 16:03 314116 ----a-w- c:\windows\Fonts\bloodcrows.ttf
2009-06-04 16:02 . 2009-06-04 16:03 308752 ----a-w- c:\windows\Fonts\bloodcrowsc.ttf
2009-06-04 16:02 . 2009-06-04 16:03 304596 ----a-w- c:\windows\Fonts\bloodcrowsi.ttf
2009-06-04 16:02 . 2009-06-04 16:03 302040 ----a-w- c:\windows\Fonts\bloodcrowsci.ttf
2009-06-04 16:02 . 2009-06-04 16:03 165828 ----a-w- c:\windows\Fonts\bloodcrowe.ttf
2009-06-04 16:02 . 2009-06-04 16:03 164320 ----a-w- c:\windows\Fonts\bloodcrow.ttf
2009-06-04 16:02 . 2009-06-04 16:03 161676 ----a-w- c:\windows\Fonts\bloodcrowei.ttf
2009-06-04 16:02 . 2009-06-04 16:03 160496 ----a-w- c:\windows\Fonts\bloodcrowc.ttf
2009-06-04 16:02 . 2009-06-04 16:03 155100 ----a-w- c:\windows\Fonts\bloodcrowci.ttf
2009-06-04 16:02 . 2009-06-04 16:03 152456 ----a-w- c:\windows\Fonts\bloodcrowl.ttf
2009-06-04 16:02 . 2009-06-04 16:03 148916 ----a-w- c:\windows\Fonts\bloodcrowi.ttf
2009-06-04 16:01 . 2009-06-04 16:04 130164 ----a-w- c:\windows\Fonts\Rugged type.ttf
2009-06-04 16:01 . 2009-06-04 16:03 414728 ----a-w- c:\windows\Fonts\decade_3_D.ttf
2009-06-04 16:00 . 2009-06-04 16:03 148896 ----a-w- c:\windows\Fonts\Bleeding_Cowboys.ttf
2009-06-03 19:09 . 2004-08-12 13:26 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 17:04 . 2009-06-01 17:05 21740 ----a-w- c:\windows\Fonts\jetmix.ttf
2009-06-01 17:04 . 2009-06-01 17:05 72480 ----a-w- c:\windows\Fonts\GFSCUS1D.ttf
2009-05-22 12:54 . 2009-05-22 12:56 55637 ----a-w- c:\windows\Fonts\Gabriele.PFB
2009-05-22 12:54 . 2009-05-22 12:56 1614 ----a-w- c:\windows\Fonts\Gabriele.pfm
2009-05-15 16:48 . 2009-05-15 16:49 38364 ----a-w- c:\windows\Fonts\Josschrift_Bold.ttf
2009-05-15 16:48 . 2009-05-15 16:50 350736 ----a-w- c:\windows\Fonts\GREMLINS.TTF
2009-05-15 16:48 . 2009-05-15 16:49 109808 ----a-w- c:\windows\Fonts\Font-On-A-Stick.ttf
2009-05-14 11:16 . 2009-05-14 11:13 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-05-13 17:02 . 2009-05-13 17:04 32984 ----a-w- c:\windows\Fonts\rufbrush.ttf
2009-05-07 15:32 . 2004-08-12 13:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-07-15 20:30 . 2009-07-21 14:47 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 9.0\Acrobat\AdobeCollabSync.exe" [2008-06-12 542096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-23 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
c:\documents and settings\Goodman\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/28/2009 9:40 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/28/2009 9:40 AM 20560]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\AutoUpdate\OnxUpdtService.exe [1/23/2009 5:31 PM 53248]
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSCv2\WLService.exe [3/9/2009 1:07 PM 65596]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [3/9/2009 1:07 PM 198144]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Notify-AtiExtEvent - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cavs.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\docume~1\Goodman\APPLIC~1\Mozilla\Firefox\Profiles\fcjswobr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cavs.com/
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-03 07:39
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\spkrmon.exe
c:\program files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-03 7:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 11:42
Pre-Run: 34,280,689,664 bytes free
Post-Run: 56,944,988,160 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
277 --- E O F --- 2009-07-21 13:56
DDS (Ver_09-07-30.01) - NTFSx86
Run by Goodman at 7:46:05.84 on Mon 08/03/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.671 [GMT -4:00]
AV: avast! antivirus 4.8.1335 [VPS 090802-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Onyx\AutoUpdate\OnxUpdtService.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Linksys\WUSB54GSCv2\WLService.exe
C:\Program Files\Linksys\WUSB54GSCv2\WUSB54GSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rsvp.exe
C:\Documents and Settings\Goodman\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.cavs.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Adobe Acrobat Synchronizer] "c:\program files\adobe\acrobat 9.0\acrobat\AdobeCollabSync.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
StartupFolder: c:\docume~1\goodman\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\goodman\applic~1\mozilla\firefox\profiles\fcjswobr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cavs.com/
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-7-28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-7-28 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-7-28 138680]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 OnyxUpdaterService;Onyx Updater;c:\onyx\autoupdate\OnxUpdtService.exe [2009-1-23 53248]
R2 WUSB54GSC;WUSB54GSC;c:\program files\linksys\wusb54gscv2\WLService.exe [2009-3-9 65596]
R3 WUSB54GSCV2;Compact Wireless-G USB Network Adapter with SpeedBooster Service;c:\windows\system32\drivers\WUSB54GSCV2.sys [2009-3-9 198144]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-7-28 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-7-28 352920]
=============== Created Last 30 ================
2009-08-03 07:42 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-03 07:25 <DIR> a-dshr-- C:\cmdcons
2009-08-03 07:17 219,648 a------- c:\windows\PEV.exe
2009-08-03 07:17 161,792 a------- c:\windows\SWREG.exe
2009-08-03 07:17 98,816 a------- c:\windows\sed.exe
2009-07-28 14:11 <DIR> --d----- c:\program files\Trend Micro
2009-07-28 13:58 <DIR> --d----- c:\program files\JavaFX
2009-07-28 13:57 <DIR> --d----- c:\program files\Sun
2009-07-28 13:41 <DIR> --d----- c:\documents and settings\goodman\.SunDownloadManager
2009-07-28 12:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-07-28 12:32 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-07-24 07:02 <DIR> --dsh--- c:\documents and settings\goodman\IECompatCache
2009-07-24 06:22 <DIR> --d----- c:\documents and settings\goodman\.housecall6.6
2009-07-23 12:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-23 12:06 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-23 08:46 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-07-23 07:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-22 10:13 45,392 a----r-- c:\windows\system32\AdobePDF.dll
2009-07-22 10:13 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-07-21 10:38 <DIR> --d----- c:\program files\common files\Scanner
2009-07-21 10:38 <DIR> --d----- c:\program files\CA Yahoo! Anti-Spy
2009-07-21 10:24 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-21 10:21 10 a------- c:\windows\WININIT.INI
2009-07-21 10:00 <DIR> --dsh--- c:\documents and settings\goodman\PrivacIE
2009-07-21 09:57 <DIR> --dsh--- c:\documents and settings\goodman\IETldCache
2009-07-21 09:55 <DIR> -cd-h--- c:\windows\ie8
2009-07-21 09:31 <DIR> --d----- c:\program files\Panda Security
2009-07-21 09:03 <DIR> --d----- c:\program files\Yahoo!
2009-07-21 09:03 <DIR> --d----- c:\program files\CCleaner
2009-07-21 08:47 <DIR> --d----- c:\docume~1\goodman\applic~1\AVG8
2009-07-21 08:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-07-21 08:30 19,943 a------- c:\windows\iveda.scr
2009-07-21 08:30 19,801 a------- c:\windows\omocavov.reg
2009-07-21 08:30 18,631 a------- c:\windows\ufijeke.dl
2009-07-21 08:30 15,904 a------- c:\windows\dosagec.bat
2009-07-21 08:30 15,574 a------- c:\docume~1\alluse~1\applic~1\noxynulij.pif
2009-07-21 08:30 13,172 a------- c:\docume~1\alluse~1\applic~1\gadukukowu.pif
2009-07-21 08:30 12,564 a------- c:\program files\common files\erucit.bat
2009-07-21 08:30 11,290 a------- c:\docume~1\alluse~1\applic~1\kyjevuw.com
2009-07-21 08:30 11,191 a------- c:\windows\ugyja.vbs
2009-07-21 08:30 11,097 a------- c:\windows\ywedakowi.exe
2009-07-21 08:30 10,999 a------- c:\docume~1\alluse~1\applic~1\tocobe.dat
2009-07-21 08:30 10,370 a------- c:\windows\system32\curotibyti.ban
2009-07-21 08:30 <DIR> --d----- c:\program files\HomeAntivirus2010
2009-07-09 11:59 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-09 11:59 47,360 a------- c:\docume~1\goodman\applic~1\pcouffin.sys
2009-07-09 11:56 <DIR> --d----- c:\docume~1\goodman\applic~1\GetRightToGo
2009-07-09 11:24 <DIR> --d----- C:\videodvdmaker
2009-07-09 11:24 <DIR> --d----- c:\docume~1\goodman\applic~1\Video DVD Maker FREE
==================== Find3M ====================
2009-07-01 11:57 780,708 a------- c:\windows\system32\Old Milwaukee Screen Saver 2.scr
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-08 10:45 2,650,558 a------- c:\windows\system32\Old Milwaukee Screen Saver1.scr
2009-06-08 10:36 2,794,942 a------- C:\OMSS1_Install.zip
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-22 08:54 1,614 a------- c:\windows\fonts\Gabriele.pfm
2009-05-14 07:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
============= FINISH: 7:46:15.46 ===============